Here the parameter principal => 'CONNECT' indicates that the ACL applies to the CONNECT role. You can define a user or a role here. The ACL is created as a file called utlpkg.xml. After the creation, you can check to make sure the ACL was added:

Note the last line in the output, which shows the ACL you just created. Next, add a privilege to this ACL. In this example, you are trying to limit this ACL to the user SCOTT. You can also define start and end dates. begin dbms_network_acl_admin.add_privilege ( acl => 'utlpkg.xml', principal => 'SCOTT', is_grant => TRUE, privilege => 'connect', start_date => null, end_date => null); end;

In this example, you are specifying that "the user SCOTT can call only the host www.proligence.com and only for the ports 22 through 55, and not outside it." Now, let's try it: SQL> grant execute on utl_http to scott 2 /

Grant succeeded.

SQL> conn scott/tigerConnected.SQL> select utl_http.request('http://www.proligence.com') from dual;select utl_http.request('http://www.proligence.com') from dual *ERROR at line 1:ORA-29273: HTTP request failedORA-06512: at "SYS.UTL_HTTP", line 1577ORA-24247: network access denied by access control list (ACL)ORA-06512: at line 1

Note the error "ORA-24247: network access denied by access control list (ACL)." The user called the http server on port 80, which is outside the allowed range 22-55. Therefore the action was prevented. Now, add another rule to allow the communication: